Difference between revisions of "Client Authentication:Mepis"
m (categorisation) |
(51 intermediate revisions by 3 users not shown) | |||
Line 5: | Line 5: | ||
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support. | MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support. | ||
− | ==Client configuration | + | ==Client configuration== |
− | + | {{Level|advanced}} | |
+ | SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME Server. | ||
+ | |||
+ | These instructions are current for Mepis 7.0 and SME Server 7.3 | ||
+ | |||
+ | Client configuration was originally based on http://tech.canterburyschool.org/tech/UbuntuWorkstations. | ||
===Domain Login=== | ===Domain Login=== | ||
A Domain login lets users login without admin setting up each user first. | A Domain login lets users login without admin setting up each user first. | ||
− | + | ====Client configuration==== | |
− | + | apt-get install winbind libpam-mount | |
− | + | nano -w /etc/samba/smb.conf | |
− | + | workgroup = 'Your Windows workgroup' # probably correct, you set this during install | |
− | + | security = domain # edit, set to user | |
− | workgroup = | + | wins server 192.168.1.1 # edit, to your server IP |
− | + | ;password server = * # remove line | |
− | + | winbind uid = 10000-20000 | |
+ | winbind gid = 10000-20000 | ||
template shell = /bin/bash | template shell = /bin/bash | ||
template homedir = /home/%U | template homedir = /home/%U | ||
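Review bot: in the added smb.conf lines, the trailing `# ...` remarks on `workgroup`, `security` and `wins server` will not be read as comments, because smb.conf only ignores lines that begin with `#` or `;`, so the remark text becomes part of the parameter value. Move each remark to its own line above the setting. `wins server 192.168.1.1` is also missing its `=`, and the remark "edit, set to user" sits beside `security = domain`, so state which value the reader should end up with.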
Line 27: | Line 33: | ||
winbind enum groups = yes | winbind enum groups = yes | ||
winbind cache time = 10 | winbind cache time = 10 | ||
− | winbind separator = | + | winbind separator = / |
− | |||
− | |||
winbind use default domain = yes | winbind use default domain = yes | ||
+ | acl compatibility = winnt | ||
nano -w /etc/nsswitch.conf | nano -w /etc/nsswitch.conf | ||
− | + | ||
passwd: compat winbind | passwd: compat winbind | ||
group: compat winbind | group: compat winbind | ||
shadow: compat winbind | shadow: compat winbind | ||
+ | hosts: files wins dns | ||
nano -w /etc/pam.d/common-account | nano -w /etc/pam.d/common-account | ||
− | + | ||
account sufficient pam_winbind.so | account sufficient pam_winbind.so | ||
account required pam_unix.so | account required pam_unix.so | ||
nano -w /etc/pam.d/common-auth | nano -w /etc/pam.d/common-auth | ||
− | + | ||
auth required pam_mount.so | auth required pam_mount.so | ||
− | + | ||
− | |||
## will validate ONLY off of network | ## will validate ONLY off of network | ||
#auth required pam_winbind.so use_first_pass | #auth required pam_winbind.so use_first_pass | ||
− | + | ||
− | |||
## will validate off of EITHER network or local passwd db | ## will validate off of EITHER network or local passwd db | ||
auth sufficient pam_winbind.so use_first_pass | auth sufficient pam_winbind.so use_first_pass | ||
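Review bot: `shadow: compat winbind` in the nsswitch.conf block names a database that winbind's NSS module does not serve; it answers passwd and group lookups only, so `shadow: compat` is enough. In common-auth the hunk keeps both the commented-out network-only line and the active `sufficient` line without saying which one the page recommends; a sentence on the trade-off (the active form also accepts the local passwd db) would help readers choose deliberately.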
Line 57: | Line 61: | ||
nano -w /etc/pam.d/common-session | nano -w /etc/pam.d/common-session | ||
− | + | ||
session required pam_unix.so | session required pam_unix.so | ||
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ | session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ | ||
session optional pam_mount.so | session optional pam_mount.so | ||
− | /etc/ | + | optional, do later if needed, add to |
+ | nano -w /etc/hosts | ||
+ | 192.168.1.1 YourServername | ||
− | + | /etc/init.d/samba restart | |
+ | /etc/init.d/winbind restart | ||
+ | |||
+ | If you misconfigure a file and lock yourself out of the workstation <br> | ||
+ | hit spacebar at the grub prompt <br> | ||
+ | change to root=(leave as is) single <br> | ||
+ | login as root and check your config files | ||
+ | |||
+ | ====Connect to domain==== | ||
+ | on SME 7.3 and above | ||
+ | |||
+ | On the client [''Workgroup'' is your SME Server Workgroup] | ||
+ | and admin may be any user in the 'domain-admin' group | ||
+ | net rpc join -D '''WorkGroup''' -U admin | ||
+ | |||
+ | Log out, and now you should have all your SME Users in your login 'user list' | ||
+ | |||
+ | ====Mounting Shares==== | ||
+ | pam_mount works well if you use domain logins, other methods are too much trouble. | ||
+ | |||
+ | mount your server home directory and ibays | ||
+ | |||
+ | nano -w /etc/security/pam_mount.conf | ||
− | + | volume * smbfs servername & /home/&/Desktop/& uid=&,gid=10000,dmask=0700 - - | |
− | ''' | + | volume * smbfs servername ibay1 /home/&/Desktop/ibay1 uid=&,gid=10000,dmask=0700 - - |
− | ''' | + | |
+ | ===Printing=== | ||
+ | Printing to your SME Server depends on your printers being supported by cups | ||
+ | |||
+ | '''cupsd''' | ||
+ | |||
+ | When you install mepis, when asked you should elect to run cupsd | ||
+ | |||
+ | check and if necessary change with | ||
+ | ls -la /etc/rc5.d/???cupsys | ||
+ | cd /etc/rc5.d | ||
+ | mv K??cupsys S20cupsys | ||
+ | |||
+ | '''Configure printer''' | ||
− | + | K menu > Settings > Peripherals > Printers | |
− | |||
− | + | Administrator Mode | |
− | |||
− | + | Add Printer > SMB Printer > Normal Account, and enter your SME username and password | |
− | + | Enter your workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels | |
− | + | Select your Printer from the cups database, check settings and print a test page | |
− | |||
− | |||
− | |||
− | + | Enter the rest of wizard details to suit. | |
− | |||
− | + | You can monitor your cups printers at YourClientIP:631 | |
− | + | ===Ident=== | |
+ | If using Ident Authentication for browsing | ||
+ | apt-get install ident2 | ||
− | |||
− | + | ===PPTP Connection=== | |
+ | When you install mepis, when asked you should elect to run ppp | ||
− | To | + | To Connect to a remote SME Server |
+ | apt-get install pptp-linux kvpnc | ||
− | + | K menu > Internet > Connection > VPN Client | |
− | + | ===Applications=== | |
+ | *Install VMware, http://www.mepis.org/docs/en/index.php/VMWare#MEPIS_7.0 | ||
− | + | *Install a subversion client, synaptic -> kdesvn | |
− | === | + | *Enable mp3 & multimedia |
+ | :Synaptic > settings > repositories. Activate the repository for Debian-Multimedia | ||
+ | :Then install Libdvdcss2 and w32codecs | ||
+ | |||
+ | ===Settings=== | ||
+ | *Thunderbird, to enable links in email | ||
+ | :Advance,General,Config Editor, Right Click, New > String | ||
+ | : preference=network.protocol-handler.app.http, string=firefox | ||
+ | : preference=network.protocol-handler.app.https, string=firefox | ||
+ | |||
+ | *Enable Numlocks | ||
+ | :http://www.mepis.org/node/6937 | ||
+ | |||
+ | ---- | ||
+ | [[Category:Howto]] | ||
+ | [[Category:Administration]] |
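Review bot: both added pam_mount.conf volume lines hard-code `gid=10000`, the first id of the `winbind gid = 10000-20000` range set earlier on the page, without saying which group is expected to hold that id; name the group or tell the reader to confirm it with `getent group` after the join. The context line `pam_mkhomedir.so umask=0022` also creates home directories that every other account on the workstation can read, so a tighter umask such as 0077 is worth suggesting. The added line "optional, do later if needed, add to" reads as an unfinished sentence and should name /etc/hosts in the text itself.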
Latest revision as of 20:34, 11 May 2010
About Mepis
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.
Client configuration
SME Server has been and remains focused on serving Windows clients; however, Linux clients also work well with SME Server.
These instructions are current for Mepis 7.0 and SME Server 7.3.
Client configuration was originally based on http://tech.canterburyschool.org/tech/UbuntuWorkstations.
Domain Login
A Domain login lets users login without admin setting up each user first.
Client configuration
apt-get install winbind libpam-mount
nano -w /etc/samba/smb.conf
    # probably correct, you set this during install
    workgroup = 'Your Windows workgroup'
    # edit, the default is set to user
    security = domain
    # edit, to your server IP
    wins server = 192.168.1.1
    # remove this line
    ;password server = *
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    template shell = /bin/bash
    template homedir = /home/%U
    winbind enum users = yes
    winbind enum groups = yes
    winbind cache time = 10
    winbind separator = /
    winbind use default domain = yes
    acl compatibility = winnt
nano -w /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind
    hosts: files wins dns
nano -w /etc/pam.d/common-account
    account sufficient pam_winbind.so
    account required pam_unix.so
nano -w /etc/pam.d/common-auth
    auth required pam_mount.so
    ## will validate ONLY off of network
    #auth required pam_winbind.so use_first_pass
    ## will validate off of EITHER network or local passwd db
    auth sufficient pam_winbind.so use_first_pass
    auth required pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session
    session required pam_unix.so
    session required pam_mkhomedir.so umask=0022 skel=/etc/skel/
    session optional pam_mount.so
Optional, do later if needed: add your server to /etc/hosts
nano -w /etc/hosts
    192.168.1.1 YourServername
/etc/init.d/samba restart
/etc/init.d/winbind restart
If you misconfigure a file and lock yourself out of the workstation:
- hit spacebar at the grub prompt
- edit the kernel line so that it reads root=(leave as is) single
- log in as root and check your config files
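The two common-auth variants above differ in which password database can satisfy a login. The following added example (not part of the original wiki page) models the `required` and `sufficient` control flags in Python to show the outcomes; the network-only stack is an assumption that takes the commented-out line to replace the last two lines.

```python
# Added example: a simplified model of Linux-PAM control flags, not PAM itself.
# It is only meant for stacks that contain at least one "required" module.
EITHER = """\
auth required   pam_mount.so
auth sufficient pam_winbind.so use_first_pass
auth required   pam_unix.so use_first_pass
"""

# Assumed network-only variant: the commented-out line replaces the last two.
NETWORK_ONLY = """\
auth required pam_mount.so
auth required pam_winbind.so use_first_pass
"""

def parse_stack(text):
    """Return [(control, module)] for each non-comment line."""
    stack = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _type, control, module = line.split()[:3]
        stack.append((control, module))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (success) / False (failure)."""
    required_failed = False
    for control, module in stack:
        ok = results[module]
        if control == "requisite" and not ok:
            return False
        if control == "required" and not ok:
            required_failed = True          # keep going, but the stack fails
        if control == "sufficient" and ok and not required_failed:
            return True                     # stop here, later modules not run
        # a failed "sufficient" and any "optional" result are ignored
    return not required_failed

def login_matrix(text):
    """Outcome for each (domain password ok, local password ok) pair."""
    stack = parse_stack(text)
    return {(w, u): evaluate(stack, {"pam_mount.so": True,
                                     "pam_winbind.so": w, "pam_unix.so": u})
            for w in (True, False) for u in (True, False)}

if __name__ == "__main__":
    for name, text in (("either", EITHER), ("network-only", NETWORK_ONLY)):
        for (w, u), ok in login_matrix(text).items():
            print(f"{name:13} winbind={w!s:5} unix={u!s:5} -> login={ok}")
```

With the stack the page leaves active, a correct local password is accepted even when winbind rejects the user, so local accounts remain a login path that has to be managed alongside the domain accounts.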
Connect to domain
On SME 7.3 and above, run the following on the client. WorkGroup is your SME Server workgroup, and admin may be any user in the 'domain-admin' group.
net rpc join -D WorkGroup -U admin
Log out, and now you should have all your SME Users in your login 'user list'
Mounting Shares
pam_mount works well if you use domain logins; other methods are too much trouble.
Mount your server home directory and ibays:
nano -w /etc/security/pam_mount.conf
    volume * smbfs servername & /home/&/Desktop/& uid=&,gid=10000,dmask=0700 - -
    volume * smbfs servername ibay1 /home/&/Desktop/ibay1 uid=&,gid=10000,dmask=0700 - -
Printing
Printing to your SME Server depends on your printers being supported by CUPS.
cupsd
When you install Mepis and are asked, you should elect to run cupsd.
Check and, if necessary, change with:
ls -la /etc/rc5.d/???cupsys
cd /etc/rc5.d
mv K??cupsys S20cupsys
Configure printer
K menu > Settings > Peripherals > Printers
Administrator Mode
Add Printer > SMB Printer > Normal Account, and enter your SME username and password
Enter your workgroup, servername, and printer name as set up in the /server-manager workgroup and printer panels.
Select your printer from the CUPS database, check settings and print a test page.
Enter the rest of wizard details to suit.
You can monitor your cups printers at YourClientIP:631
Ident
If using Ident Authentication for browsing
apt-get install ident2
PPTP Connection
When you install Mepis and are asked, you should elect to run ppp.
To connect to a remote SME Server:
apt-get install pptp-linux kvpnc
K menu > Internet > Connection > VPN Client
Applications
- Install VMware, http://www.mepis.org/docs/en/index.php/VMWare#MEPIS_7.0
- Install a subversion client, synaptic -> kdesvn
- Enable mp3 & multimedia
  - Synaptic > settings > repositories. Activate the repository for Debian-Multimedia
  - Then install Libdvdcss2 and w32codecs
Settings
- Thunderbird, to enable links in email
  - Advanced, General, Config Editor, Right Click, New > String
  - preference=network.protocol-handler.app.http, string=firefox
  - preference=network.protocol-handler.app.https, string=firefox
- Enable Numlocks
  - http://www.mepis.org/node/6937